package me.chinaq.fastweb.web;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.util.HtmlUtils;

import java.io.IOException;

/**
 * Created by shaoqi on 9/6/2017.
 */
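/**
 * Jackson serializer that HTML-escapes every {@link String} value it writes.
 *
 * <p>Purpose: defense in depth against XSS for the case where JSON produced by
 * this application is later inlined into HTML without context-aware encoding.
 * Escaping is delegated to {@link HtmlUtils#htmlEscape(String)}, so HTML-sensitive
 * characters (angle brackets, ampersand, quotes) leave the server as entities.
 * Be aware that this changes the data every consumer receives, including
 * non-browser API clients; the authoritative mitigation remains output encoding
 * at the point where a value is actually rendered.
 *
 * <p>The serializer holds no state, so a single instance can be registered with
 * a shared {@code ObjectMapper}.
 */
public class XssStringJsonSerializer extends JsonSerializer<String> {

	/** @return {@code String.class}, the only type this serializer handles */
	@Override
	public Class<String> handledType() {
		return String.class;
	}

	/**
	 * Writes {@code value} as a JSON string after HTML-escaping it.
	 *
	 * <p>Exactly one value token is always emitted: {@code null} is written as a
	 * JSON {@code null} and the empty string as {@code ""}. Skipping the write for
	 * an empty value would leave the enclosing object field or array slot without
	 * a value and corrupt the document.
	 *
	 * @param value              raw string to write; may be {@code null} or empty
	 * @param jsonGenerator      generator to write the token to
	 * @param serializerProvider supplied by Jackson; not used here
	 * @throws IOException if the generator fails to write
	 */
	@Override
	public void serialize(String value, JsonGenerator jsonGenerator,
						  SerializerProvider serializerProvider) throws IOException {
		if (value == null) {
			// Jackson normally routes nulls to serializeNull(), but be explicit
			// so direct callers still get a well-formed token.
			jsonGenerator.writeNull();
			return;
		}
		// An OWASP encoder could be used here instead of HtmlUtils.
		// Escaping "" is a no-op, but the write itself must still happen.
		String encodedValue = HtmlUtils.htmlEscape(value);
		jsonGenerator.writeString(encodedValue);
	}
}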
